Exploiting autobiographical memory for fallback authentication on smartphones

Description

8 years ago
Smartphones have advanced from simple communication devices to
multipurpose devices that capture almost every single moment in our
daily lives and thus contain sensitive data like photos or contact
information. In order to protect this data, users can choose from a
variety of authentication schemes. However, what happens if one of
these schemes fails, for example, when users are not able to
provide the correct password within a limited number of attempts?
So far, situations like this have been neglected by the usable
security and privacy community that mainly focuses on primary
authentication schemes. But fallback authentication is comparably
important to enable users to regain access to their devices (and
data) in case of lockouts. In theory, any scheme for primary
authentication on smartphones could also be used as a fallback
solution. In practice, fallback authentication happens less
frequently and imposes different requirements and challenges on its
design. The aim of this work is to understand and address these
challenges. We investigate the occurrences of fallback
authentication on smartphones in real life in order to grasp the
characteristics that fallback authentication conveys. We also get
deeper insights into the difficulties that users have to cope with
during lockout situations. In combination with the knowledge from
previous research, these insights are valuable to provide a
detailed definition of fallback authentication that has been
missing so far. The definition covers usability and security
characteristics and depicts the differences to primary
authentication. Furthermore, we explore the potential of
autobiographical memory, a part of the human memory that relates to
personal experiences of the past, for the design of alternative
fallback schemes to overcome the well-known memorability issues
of current solutions. We present the design and evaluation of two
static approaches that are based on the memory of locations and
special drawings. We also cover three dynamic approaches that
relate to recent smartphone activities, icon arrangements and
installed apps. This series of work allows us to analyze the
suitability of different types of memories for fallback
authentication. It also helps us to extend the definition of
fallback authentication by identifying factors that influence the
quality of fallback schemes. The main contributions of this thesis
can be summarized as follows: First, it gives essential insights
into the relevance, frequency and problems of fallback
authentication on smartphones in real life. Second, it provides a
clear definition of fallback authentication to classify
authentication schemes based on usability and security properties.
Third, it shows example implementations and evaluations of static
and dynamic fallback schemes that are based on different
autobiographical memories. Finally, it discusses the advantages and
disadvantages of these memories and gives recommendations for their
design, evaluation and analysis in the context of fallback
authentication.
